How does entropy measure the degree of anonymity a dataset provides?
The degree of anonymity depends on entropy — a measure of how hard it is for an attacker to uniquely single out one person, or infer their attributes, from the available information.
Borrowing from information theory, entropy here means uncertainty: the more equally plausible candidates an attacker faces, the higher the entropy and the stronger the anonymity.
Intuition:
- High entropy = strong anonymity — many people fit the available attributes, so the attacker can't tell which one is the target (a large, uniform anonymity set).
- Low entropy = weak anonymity — few candidates fit, or one is far more likely, so identification becomes easy.
Why it matters: anonymity isn't binary. The same record can be "anonymous" against an attacker with little side knowledge and "identifiable" against one with a rich external dataset — because that side knowledge reduces the entropy of the guess. This is exactly why three quasi-identifiers (birth date, ZIP, gender) can collapse a population down to a single person: each added attribute slashes the remaining uncertainty.
Tip: When judging anonymization, ask "how many real people could this record plausibly be?" — that count is, loosely, the entropy. If the answer is "one," there is no anonymity.
Go deeper:
Degree of anonymity (Wikipedia) — the entropy-based metric over an anonymity set.